I am phasing out a Sonicwall 1260 with an ASA 5510 cluster. The Sonicwall uses PAT with a single public IP.
Email, VPN, FTP and other services are coming in through the WAN interface and are port forwarded to their destination servers on the LAN.
Today I was having an issue with getting services through the ASA 7.2 OS and the ACL kept blocking the connections.
I believe it's down to the fact that the outside IP is the same as the IP the connections are going to, e.g. the MX record points to the outside IP and any connections on port 25 are being dropped.
Am I doing something wrong or does the ASA want to PAT the internal network to one IP and have external connections come in on a separate IP?
The .128 mask is down to the ISP and their setup and I don't have that many addresses available!
Any help appreciated.
description Link to LAN
ip address 188.8.131.52 255.255.255.0 standby 184.108.40.206
description Link to ICE
ip address x.x.x.10 255.255.255.128 standby x.x.x.31
access-list outside_in extended permit tcp any host x.x.x.10 eq smtp
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in deny ip any any log
access-group outside_in in interface outside
global (outside) 1 interface
nat (inside) 1 220.127.116.11 255.255.255.0
static (inside,outside) tcp x.x.x.10 smtp 18.104.22.168 smtp netmask 255.255.255.255
Change your static commands to include the keyword "interface" instead of x.x.x.10.
static (inside,outside) tcp interface smtp 22.214.171.124 smtp netmask 255.255.255.255
Please rate helpful posts.
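The check below is an added example, not part of the original thread: a small Python lint that scans an ASA 7.x configuration for static PAT lines that spell out the mapped interface's own IP address and prints the `interface` form suggested in the reply. The sample configuration is constructed (documentation and RFC 1918 addresses), and the function names are hypothetical.

```python
import re

# Constructed sample in ASA 7.x syntax; all addresses are placeholders.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 ip address 203.0.113.10 255.255.255.128 standby 203.0.113.31
interface Ethernet0/1
 nameif inside
 ip address 10.0.0.1 255.255.255.0 standby 10.0.0.2
static (inside,outside) tcp 203.0.113.10 smtp 10.0.0.25 smtp netmask 255.255.255.255
static (inside,outside) tcp interface ftp 10.0.0.21 ftp netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.12 www 10.0.0.80 www netmask 255.255.255.255
"""

STATIC_RE = re.compile(
    r"^static \((?P<real>\S+),(?P<mapped>\S+)\) (?P<proto>tcp|udp) "
    r"(?P<addr>\S+) (?P<rest>.+)$")


def interface_addresses(config):
    """Map each nameif to the primary IP configured on its interface."""
    addrs, nameif = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            nameif = None  # a non-indented line ends the interface block
        words = line.split()
        if words[:1] == ["nameif"] and len(words) > 1:
            nameif = words[1]
        elif words[:2] == ["ip", "address"] and nameif and len(words) > 2:
            addrs[nameif] = words[2]
    return addrs


def lint_static_pat(config):
    """Flag static PAT lines that hard-code the mapped interface's own IP."""
    addrs = interface_addresses(config)
    findings = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m and m["addr"] == addrs.get(m["mapped"]):
            fixed = m.expand(r"static (\g<real>,\g<mapped>) \g<proto> interface \g<rest>")
            findings.append((line.strip(), fixed))
    return findings


if __name__ == "__main__":
    for original, suggested in lint_static_pat(SAMPLE_CONFIG):
        print(f"{original}\n  -> {suggested}")
```

Only the first static line in the sample is reported; the line already using `interface` and the one mapped to a different public address are left alone.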